Deauthentication attacks can be used to expedite various operations (Uncloak Hidden SSIDs, Pre-Shared Key (PSK) Attacks, Enterprise Network Attacks, etc.). The deauthentication attack spoofs messages from an access point, requesting that all stations disconnect from the wireless infrastructure. This forces the targeted station(s) to reconnect and re-authenticate to the network. Deauthentication attacks should be conducted in a targeted manner, as deauthentication is in essence a denial-of-service attack. Sustained attacks could have a negative impact on the customer environment.

Procedure

Note: This procedure has you run an attack tool for deauthentication while concurrently monitoring wireless communication with a passive analysis tool. This procedure can be accomplished with one or more USB wireless adapters. Passive analysis with additional adapters increases the probability that a reconnect event will be observed.

  • Using passive analysis tools, identify an instance of the targeted SSID with actively associated clients.
  • Record the MAC address of the access point and the client to be targeted by the attack.
  • Prepare for the attack.
    • For Pre-Shared Key (PSK) Attacks and Uncloak Hidden SSIDs, configure your passive analysis tool to monitor the targeted access point or the access point with the next strongest Received Signal Strength Indicator (RSSI) value. When deauthentication occurs, the client will reconnect either to the targeted access point or to one nearby with a strong signal.
    • For Enterprise Network Attacks, configure your credential capture or relay tool to operate on an adjacent channel to avoid interference.
  • Execute the deauthentication attack using the MAC addresses collected above. Specific instructions for deauthentication attacks can be found in Aircrack-ng Suite, Airgeddon, and Bettercap.
  • Monitor tooling for the desired effect.
  • Repeat as necessary.
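
From the monitoring side, the spoofed deauthentication frames described above appear in a capture as a burst of management frames from one source address to one station or to broadcast. The detector below is an added example, not part of the original procedure or of any tool named on this page; the sample frames are constructed, and the window and threshold values are assumptions to tune per environment.

```python
import struct
from collections import defaultdict, deque

WINDOW_S = 1.0   # assumed sliding window in seconds; tune per environment
THRESHOLD = 5    # assumed deauth count per window that triggers an alert

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dest, source, bssid, reason) for an unprotected deauth frame, else None."""
    # Frame control byte 0 == 0xC0: version 0, type 0 (management), subtype 12 (deauthentication).
    if len(frame) < 26 or frame[0] != 0xC0:
        return None
    if frame[1] & 0x40:  # Protected bit set: body is encrypted, reason code unreadable
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)  # follows the 24-byte management header
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_bursts(capture, window=WINDOW_S, threshold=THRESHOLD):
    """capture: iterable of (timestamp, frame_bytes) with radiotap already stripped."""
    recent, alerts, seen = defaultdict(deque), [], set()
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dest, source, bssid, reason = parsed
        times = recent[(source, dest)]
        times.append(ts)
        while ts - times[0] > window:   # drop entries older than the window
            times.popleft()
        if len(times) >= threshold and (source, dest) not in seen:
            seen.add((source, dest))    # one alert per (source, dest) pair
            alerts.append({"source": source, "dest": dest, "bssid": bssid,
                           "reason": reason, "count": len(times),
                           "broadcast": dest == "ff:ff:ff:ff:ff:ff"})
    return alerts

# Constructed sample frames (locally administered MACs, not from a real capture).
AP, STA = "020000000001", "020000000002"
DEAUTH = bytes.fromhex("c0000000" + STA + AP + AP + "0000" + "0700")   # reason code 7
BEACON = bytes.fromhex("80000000" + "ffffffffffff" + AP + AP + "0000" + "00" * 12)
SAMPLE = [(0.0, BEACON)] + [(0.1 * i, DEAUTH) for i in range(1, 7)] + [(9.0, DEAUTH)]

if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE):
        print(alert)
```

A single deauthentication frame is normal network behaviour, which is why the detector alerts only on a burst within the window.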